
Commit bffba19

committed
added AUTH__EXCLUDED_PATHS to allow a number of requests to not be authenticated (for example the one that sets the auth cookie value)
1 parent e0e1b33 commit bffba19

4 files changed

Lines changed: 25 additions & 13 deletions


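--- a/osbot_fast_api/api/middlewares/Middleware__Check_API_Key.py
+++ b/osbot_fast_api/api/middlewares/Middleware__Check_API_Key.py
@@ -1,15 +1,18 @@
-from fastapi import Request, status
-from starlette.middleware.base import BaseHTTPMiddleware
-from starlette.responses import Response
-from osbot_utils.utils.Env import get_env
-from osbot_utils.utils.Json import to_json_str
-from osbot_utils.utils.Status import status_error
+from fastapi import Request, status
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import Response
+from osbot_utils.utils.Env import get_env
+from osbot_utils.utils.Json import to_json_str
+from osbot_utils.utils.Status import status_error
+from osbot_fast_api.schemas.consts__Fast_API import AUTH__EXCLUDED_PATHS
 
 ERROR_MESSAGE__NO_KEY_NAME_SETUP = f"Server does not have API key name setup"
 ERROR_MESSAGE__NO_KEY_VALUE_SETUP = f"Server does not have API key value setup"
 ERROR_MESSAGE__API_KEY_MISSING = f"Client API key is missing, you need to set it on a header or cookie"
 ERROR_MESSAGE__API_KEY_INVALID = "Invalid API key value"
 
+
+
 class Middleware__Check_API_Key(BaseHTTPMiddleware):
 
 def __init__(self, app, env_var__api_key__name, env_var__api_key__value):
@@ -24,6 +27,10 @@ def return_error(self, error_message):
 media_type = "application/json" )
 
 async def dispatch(self, request: Request, call_next) -> Response:
+
+if request.url.path in AUTH__EXCLUDED_PATHS: # allow for the seeing the docs and accessing the methods to set the cookie
+return await call_next(request)
+
 if not self.api_key__name:
 return self.return_error(ERROR_MESSAGE__NO_KEY_NAME_SETUP)
 api_key_header = request.headers.get(self.api_key__name) # Check for API key in headers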
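Review bot: The early return added at the top of `dispatch` skips the API-key check for every HTTP method on a listed path, and the list is a module-level constant that an application using this middleware cannot narrow. That leaves `/docs` and `/openapi.json` readable without a key in every deployment, although the constant's own comment ("Maybe also exclude docs") reads as undecided. Consider accepting the set in the constructor, e.g. `def __init__(self, app, env_var__api_key__name, env_var__api_key__value, excluded_paths=AUTH__EXCLUDED_PATHS):` with `self.excluded_paths = frozenset(excluded_paths)`, and testing `request.url.path in self.excluded_paths`. The comparison is an exact string match, which fails closed for variants such as a trailing slash; a short comment saying so would keep a later edit from loosening it to a prefix match. The bodies of `__init__` and `dispatch` continue outside the visible hunks.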

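--- a/osbot_fast_api/api/routes/Routes__Set_Cookie.py
+++ b/osbot_fast_api/api/routes/Routes__Set_Cookie.py
@@ -10,7 +10,7 @@ class Schema__Set_Cookie(Type_Safe):
 class Routes__Set_Cookie(Fast_API__Routes):
 tag: str = 'auth'
 
-def auth_cookie_form(self, request: Request): # Display form to edit auth cookie with JSON submission
+def set_cookie_form(self, request: Request): # Display form to edit auth cookie with JSON submission
 current_cookie = request.cookies.get(ENV_VAR__FAST_API__AUTH__API_KEY__NAME, '')
 
 html_content = f"""
@@ -125,5 +125,5 @@ def set_auth_cookie(self, set_cookie: Schema__Set_Cookie, response: Response):
 }
 
 def setup_routes(self):
-self.add_route_get(self.auth_cookie_form)
+self.add_route_get (self.set_cookie_form)
 self.add_route_post(self.set_auth_cookie)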

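--- a/osbot_fast_api/schemas/consts__Fast_API.py
+++ b/osbot_fast_api/schemas/consts__Fast_API.py
@@ -2,6 +2,12 @@
 
 # todo: the names of these variables need a bit of refactoring and normalising
 
+AUTH__EXCLUDED_PATHS = [ '/auth/auth-cookie-form',
+'/auth/set-auth-cookie' ,
+'/docs' , # Maybe also exclude docs
+'/openapi.json' ,
+'/config/status' ] # Health check endpoint
+
 REGEX__SAFE__STR__FAST_API__TITLE = re.compile(r'[^a-zA-Z0-9 _()-]')
 
 DEFAULT_ROUTES_PATHS = ['/', '/config/status', '/config/version']
@@ -17,17 +23,17 @@
 { 'http_methods': ['GET' ], 'http_path': '/redoc' , 'method_name': 'redoc_html' }]
 
 
-EXPECTED_ROUTES_METHODS = ['auth_cookie_form',
-'info' ,
+EXPECTED_ROUTES_METHODS = ['info' ,
 'redirect_to_docs',
 'routes__html' ,
 'routes__json' ,
 'set_auth_cookie' ,
+'set_cookie_form' ,
 'status' ,
 'version' ]
 EXPECTED_ROUTES_PATHS = ['/' ,
-'/auth/auth-cookie-form',
 '/auth/set-auth-cookie' ,
+'/auth/set-cookie-form',
 '/config/info' ,
 '/config/routes/html' ,
 '/config/routes/json' ,
@@ -41,7 +47,7 @@
 { 'http_methods': ['GET' ], 'http_path': '/config/version' , 'method_name': 'version' },
 { 'http_methods': ['GET' ], 'http_path': '/config/routes/json' , 'method_name': 'routes__json' },
 { 'http_methods': ['GET' ], 'http_path': '/config/routes/html' , 'method_name': 'routes__html' },
-{ 'http_methods': ['GET' ], 'http_path': '/auth/auth-cookie-form', 'method_name': 'auth_cookie_form' },
+{ 'http_methods': ['GET' ], 'http_path': '/auth/set-cookie-form' , 'method_name': 'set_cookie_form' },
 { 'http_methods': ['POST' ], 'http_path': '/auth/set-auth-cookie' , 'method_name': 'set_auth_cookie' },]
 ROUTES__STATIC_DOCS = [{'http_methods': ['GET', 'HEAD'], 'http_path': '/static-docs' , 'method_name': 'static-docs' }]
 ROUTES_PATHS__CONFIG = ['/config/status', '/config/version']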
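Review bot: `AUTH__EXCLUDED_PATHS` lists `/auth/auth-cookie-form`, but this same commit renames that route to `/auth/set-cookie-form` (see `EXPECTED_ROUTES_PATHS` and the route table in the later hunks), so the exemption names a path that is no longer registered and the cookie form itself still goes through the API-key check. The first entry should read `'/auth/set-cookie-form',`. Because this list is an authentication allow-list, a unit test asserting that every entry is one of the registered route paths would catch this kind of drift. `/redoc` appears in the docs route table but is not exempted while `/docs` is, which may or may not be intended and deserves a comment either way.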

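--- a/tests/unit/api/test_Fast_API.py
+++ b/tests/unit/api/test_Fast_API.py
@@ -1,5 +1,4 @@
 import re
-
 import pytest
 from unittest import TestCase
 from fastapi import FastAPI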
